Discuss this help topic in SecureBlackbox Forum

Distributed Cryptography Java applet

The Distributed Cryptography (DC) Java applet is used to sign data remotely. The user can sign with keys from the Windows system certificate storage, from cryptographic tokens and smart cards that provide PKCS#11 drivers, or with X.509 certificates loaded from a Java Key Store file (*.jks) or a PFX file (*.pfx, *.p12).

The applet can be embedded into an HTML page using the following code:

<applet archive="com.secureblackbox.dc.jar, com.secureblackbox.dc.applet.jar"
     code="com.secureblackbox.dc.applet.ElDCServerApplet" width=500 height=240>
    <param name="Color" value="color value in form #RRGGBB" />
    <param name="DataURL" value="absolute or relative url" />
    <param name="GoURL" value="absolute or relative url" />
    <param name="AllowFileStorage" value="false|true|no|yes" />
    <param name="AllowWindowsStorage" value="false|true|no|yes" />
    <param name="AllowTokenStorage" value="false|true|no|yes" />
    <param name="Token" value="token name" />
    <param name="Data" value="base64-encoded xml request" />
    <param name="SessionID" value="unique text" />
</applet>

Parameters

The DC Java applet supports the following parameters:

  • SessionID

    A string that is appended to the query string of the applet's responses (see DataURL and GoURL).

  • Data

    Base64-encoded XML signing request produced by the TElDCAsyncState class.

  • DataURL (optional)

    URL to which the resulting signature is POSTed. The result is an XML document and is sent with the Content-Type header set to application/xml. A query string in the URL is allowed; the SessionID parameter is appended to it automatically. If DataURL is not specified, the resulting signature is instead delivered in the query string of a GET request to the URL given in the GoURL parameter. Both absolute and relative URLs are supported.

  • GoURL (optional)

    URL to which the browser is navigated after signing and (if DataURL is not specified) to which the resulting data is returned. A query string in the URL is allowed; the SessionID parameter is appended to it automatically. If DataURL is not specified, the base64-encoded signature is added to the query string as the Data parameter. If GoURL is not specified, the browser remains on the page that contains the applet. Both absolute and relative URLs are supported.

  • AllowFileStorage (optional)

    Specifies whether the user may use keys loaded from files. "true" or "yes" allows loading keys from files; "false" or "no" disables it. If the parameter is not specified, the default is "yes".

  • AllowWindowsStorage (optional)

    Specifies whether the user may use keys from the Windows system certificate storage. "true" or "yes" allows it; "false" or "no" disables it. If the parameter is not specified, the default is "yes".

  • AllowTokenStorage (optional)

    Specifies whether the user may use keys from security tokens and/or smart cards. "true" or "yes" allows it; "false" or "no" disables it. If the parameter is not specified, the default is "yes".

  • Token (optional)

    Name of the token that must be used to sign the data. If the parameter is not specified, the user is prompted to select a token from the list of token providers registered in their JRE. If the parameter is specified but no provider named SunPKCS11-<token name> (without the angle brackets) is registered in the JRE, the user will not be able to use crypto tokens at all.

  • Color (optional)

    Background color of the applet in HTML style (#RRGGBB). If the parameter is not specified, the background is white.

  • height

    The applet is designed for a height of 240 px.

  • width

    The applet is designed for a width of 500 px.
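The two response forms described under DataURL and GoURL, as an added server-side example that is not part of this page or of SecureBlackbox: a Python handler that accepts either form, ties each answer to a SessionID this server actually issued, and rejects a second answer for the same SessionID. The pending-session table, the URL paths and the `<Signature/>` payload are constructed for the example; the page does not give the schema of the result XML, so the handler returns it as raw bytes.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit


def parse_dc_response(method, url, content_type, body, pending):
    """Return (session_id, signature_xml) for one applet response.

    The applet delivers its result in one of two documented forms:
      * POST to DataURL: XML body, Content-Type application/xml,
        SessionID appended to the query string;
      * GET to GoURL (no DataURL given): SessionID plus the base64-encoded
        XML in the 'Data' query parameter.
    `pending` maps SessionIDs this server issued to their request context
    (constructed here; a real server keeps it in its session store).
    Anything that matches neither form, or cannot be tied to a pending
    session, raises ValueError.
    """
    query = parse_qs(urlsplit(url).query)
    session_ids = query.get("SessionID", [])
    if len(session_ids) != 1:
        raise ValueError("exactly one SessionID is required")
    session_id = session_ids[0]
    if session_id not in pending:
        raise ValueError("unknown or already-answered SessionID")

    if method == "POST":
        media_type = (content_type or "").split(";", 1)[0].strip().lower()
        if media_type != "application/xml":
            raise ValueError("DataURL response must be application/xml")
        xml = body
    elif method == "GET":
        data = query.get("Data", [])
        if len(data) != 1:
            raise ValueError("GoURL response must carry one Data parameter")
        try:
            xml = base64.b64decode(data[0], validate=True)
        except binascii.Error as exc:
            raise ValueError("Data is not valid base64") from exc
    else:
        raise ValueError("unsupported HTTP method: " + method)

    if not xml.lstrip().startswith(b"<"):
        raise ValueError("payload does not look like XML")
    # A SessionID answers once: drop it so a replayed response is rejected.
    del pending[session_id]
    return session_id, xml
```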

Support for different key and certificate storages

  • Windows certificate storage

    If the applet runs on Windows and the storage contains at least one certificate with a private key, this option is enabled. On other platforms, or if there is no certificate with a private key in the storage, the option is disabled.

  • Cryptographic tokens and smart cards using PKCS#11

    To use such a device, it must be registered in the JRE on the client computer. Instructions on how to perform the registration are available here. On startup the applet looks for all registered providers whose names start with SunPKCS11-. If no such providers are found, this option is not available. You can force the user to use a particular device by specifying its name in the Token parameter. You can also effectively disable token use by specifying a token name that will not be found on any client computer.

  • Java key storages and PKCS#12 (pfx, p12) files

    This option is always enabled.

Validation of requests

When the applet loads a request from another party, the signature on that request is validated. Validation uses the Java certificate storages; when the applet runs on Windows, it also attempts to use the Windows system storages.
